Ground-Level Security Tips for Operating in The Cloud
The ability to store and access masses of data in the cloud is transforming the way supply chains are managed worldwide. Understandably, the idea that sensitive logistics data is being held somewhere in a cloud-enabled database raises a number of security concerns. How can a system that relies on the internet to store data afford adequate protection against hackers and other criminal interests?
The answer is that the cloud is as vulnerable to cyber threats as more conventional information systems, and requires similar safeguards. However, some service companies with ulterior commercial motives have exaggerated the risks. It’s important to distinguish between the commentary of these doomsayers and genuine analyses of the cloud’s risk profile.
As is the case with any information system, cloud users need to gain a thorough understanding of their organization’s risk posture and the scope of the data they are aiming to protect. By all means employ a checklist to help ensure that all the security bases are covered, but be careful not to become captive to it. A generalized list might overlook critical areas of risk within your logistics operation.
Pay attention to cloud systems that are managed by fourth parties. These could be service organizations that provide support on behalf of the cloud provider. For example, what are the risk implications of co-located data centers? Who is managing external storage devices? A fourth party might be an indirect marketing organization that uses portions of the data in promotional campaigns. Again, to what extent do these external providers elevate the likelihood of a security breach?
Reading user agreements is probably not your idea of fun, but for cloud applications these documents can offer important information on how a storage system works.
Another area that warrants special attention is external auditing. Has the cloud provider undergone, or is it currently undergoing, an audit by an impartial auditor that makes public-facing statements on the performance of the organization’s control systems? An example is the SSAE 16 (International Standard on Assurance Engagements) audit, an internationally recognized third-party audit that benchmarks a service organization’s controls and processes against industry best practices.
Be judicious about the types of data you store in the cloud. Maybe you need to find alternative storage and retrieval methods for hyper-sensitive information or reinforce your security shield with encryption techniques. Similarly, be careful about who is authorized to access databases that reside in the cloud.
Looking ahead, security threats are likely to increase as the level of interconnectivity between networks and devices increases. For example, a recent report from research firm Gartner* predicts a 30-fold increase in internet-connected physical devices by 2020. The Internet of Things will bring huge opportunities for cutting costs and improving service quality—and more ways for cyber criminals to infiltrate data systems.